What every manager wants to avoid

In our work, we audit any new company we work with and have observed that a common theme in many is that managers don’t appear to want to manage.

By that we mean managing people. Setting standards on performance and monitoring them, holding employees to account, identifying what behaviours are needed to create the right culture to grow the business and being confrontational if and when it is necessary. Or they are only embracing the nicer side of management. Giving out pay rises and promotions etc

Managers and leaders seldom avoid this type of work for any other reason than they don’t know how to do it and are worried about getting it wrong. Often employees pick up on a fear and become experts on how to make the most of this which is rarely beneficial for the manager or the company. Equally managers aren’t set any targets or held to account about whether they do it (well) or not. So they will naturally focus on what is valued.

As we are all aware, being good at a technical or specialist role can often lead to promotion into a completely different type of role. Leading and managing a team is so much more than being the most senior member of it with the biggest say. The person that earns the most does so because they also have significant people management responsibilities and are accountable for their team as well as business area. Rarely is this properly explained. During recruitment or promotion discussions. Usually the elephant in the room and therefore often misunderstood.

No training or guidance for managers

Here are some of the things that managers have often had no training or guidance on whatsoever:

  • A core understanding of management theory and what is relevant to their company and industry
  • How to delegate and communicate effectively
  • An understanding of their obligations and duty of care under employment and health and safety legislation
  • How to turn key organisational KPI’s into objectives or targets for staff
  • The difference between technical and behavioural competence
  • How to understand and harness the power of personality
  • How to select staff – interview competentantly, understand and recognise unconscious bias and discrimination. Understand the equality act.
  • Motivational techniques and team building

It stands to reason that if you don’t know how to do something you may avoid it or try and get someone else to do it. Particularly if you fear negative consequences for yourself. Or if you observe that no-one else is tackling similar issues.

Revolving door culture

But as many will be aware, not doing something often has a bigger impact on your culture than doing something, even if it’s not perfect. Not tackling people management issues will build up over time until you start to observe that your good people are leaving. You will replace them of course. At considerable time and expense. And then your fanastic new hire might leave before their probabtion period is up and you start to wonder if it’s something in the business.

The truth is that it’s your culture. How you do things. What you avoid or ignore.

Targetted development

But you can address the fear and reluctance of maangers with some targeted management development training. A core part of that should be an assessment of whether you have the right poepe in lead roles.  Often you will have and they just need devellping. But some people don’t make or want to manage people. No matter how much you spend on core Leadership programmes. However they may be suited to a different specialist role? Or have a No 2 that is interested?

What provider to pick?

There are plenty of companies around who specialise in leadership and management development training. Many long established and many newer ones coming through.

Talking to CEO’s about their previous experiences of such engagement they often report that many staff enjoy attending such initiaitves but they rarely had a long lasting effect as they often didn’t address the following issues:

  • Who held managerial posts
  • What their remit was v what they did
  • Whether the corporate structure was correct
  • What the culture was (desirable v actual)
  • How they would be managed post the intervention

It was hard therefore to quantify any return on the investment made often because the desired outcome hadn’t been pinned down or properly understood.

Our approach

At Amelore, supporting organisations to develop managers has become a growing area for us.  We usually work with companies that are already established and performing well but who want to develop their management team and culture to create space for a senior team to focus on the strategy. Often they don’t have an HR Director in their business.

Our work as external HR professionals can involve us recruiting new managers and coaching key individuals along side regular internal workshops. We can honestly say that every company has different needs and consequently different programmes.

What we bring is our insight into how to make companies work better which we’ve gained over many years. And our HR expertise.  And just like Mary Poppins, we stay as long as we are needed. Ultimately our aim is to leave that company in a good place to grow, compete and innovate. To give it competitive advantage because it works as well on the inside as the outside.

Your Recruitment Options

Hiring the right people is as significant to the success of a company as the business model and health of the balance sheet.

Recruitment is a highly lucrative unregulated and fast growing industry. It is important therefore for companies to understand the different options available to them, the costs as well as the benefits and any downside of the choices they make.

Common recruitment mistakes

Organisations in high growth mode often run very inefficient and costly recruitment processes with little thought for the candidate experience even though it is a seller’s market.  Multiple repetitive interviews, waiting until vacancies have been created to start a process and failing to assess candidates thoroughly are typical.

Some Key Facts

The CIPD (Chartered Institute of Personnel and Development) in partnership with Hays Recruitment, conducted a Resourcing and Talent Planning survey in 2015.

Resourcing and talent management in current economy “an employee’s market”

  • Half of CEOs have recruitment & talent management as a priority;
  • Three quarters are recruiting key talent/niche areas;
  • Growing demand for labour – more than half expecting headcount to increase;
  • Skills shortages are escalating – four-fifths feel that competition for talent has increased;
  • Lack of specialist or technical skills & lack of sector/industry or general experience were common problems;
  • Organisations are increasingly required to be creative in both their search for candidates and the packages they offer.

What are your recruitment options?

Your network – Many companies use their personal network to find staff and this can be very effective. However it can also lead to skills shortages and complications with personal relationships.

Advertising on line – Companies may advertise via online sites such as Linkedin, Indeed, Monster, Fish4jobs etc  This has the benefit of advertising that your company is busy and hiring but can create a lot of administration.

Recruitment Agencies – You won’t have been in business long before the sales calls start.  When choosing an agency, try and get a recommendation and check their credentials. Anyone can set an agency up with no qualifications or experience. If things like diversity and inclusion are important to your company make sure you ask about this.

Executive Search or Headhunters – This is usually used for senior or specialised roles due to the cost. Finding a firm that understands and challenges you is worth a lot. Meeting a few firms and interviewing them can be helpful.

Independent HR company or freelance individual – Many experienced HR professionals have strong recruitment experience gained from working in-house. A key component of recruitment is identifying the passive candidate.  You pay a day rate for experienced professionals to find and speak to candidates for you.

They will often also manage the entire process for you, even if you work with an external recruiter. Always a cheaper option but requires an investment in developing knowledge and relationships so the right candidates are identified. Key factor here is that there is no placement fee so no pressure to put up salaries or package to enhance the fee.

What is the difference between Executive Search and Recruitment Agencies?

The aim of Recruitment Agencies is to fill a position with the best available person. Recruitment agencies source from a pool of candidates that are actively looking for a new challenge by advertising on various platforms. This leads to a group of candidates that are “self-selected” of which the selection was not pre-determined by the company.

The aim of Executive Search consultants is to locate and recruit the best person, regardless of whether he or she is already employed or seeking a new position.

This approach can broaden and deepen the talent pool available to a search firm’s clients and places the control of who should be part of this talent pool, squarely in the hands of the client company.

There may also be the use of specialised psychometric tools, resources and skills to enhance the selection process.

The costs

Executive Search and Recruitment Agencies tend to charge a percentage fee or a retainer.

The percentage fee is based on the starting salary of the candidate and is normally payable once the candidate starts work with you. This form of charging is most common and if you don’t find a suitable candidate, you don’t have to pay the agency anything.

However, fees can vary from 8-25% depending on the agency and the salary. If you choose a retainer fee, it is agreed at the outset; with a percentage being payable upfront and the remainder due when the candidate starts their employment.

If you are using an independent HR consultancy you won’t pay a placement fee. Just a day rate which almost always works out cheaper.

Looking ahead

It is important for companies to understand and cultivate their ability to read market conditions, trends, movement and fluidity in order to develop and manage effective recruitment strategies. Needs changes as companies grow and it is important to regularly review this.

The truth about Tribunal Indemnity Insurance

Many busy SME owners choose outsourced HR providers based on the fact that Tribunal Indemnity Insurance is offered and so they feel they have mitigated against a potential financial risk and made a good choice.

However many don’t fully understand what this insurance is and the impact on their business of signing up to such a service. They also have little idea of what risks if any they actually have in their business of someone making a successful claim against them. This blog explains it further.

What is it Tribunal Indemnity Insurance?

Because employment law can appear complex and full of tricky loopholes, the scaremongers selling tribunal indemnity insurance often have a field day by playing on people’s fears of something that can in many circumstances be prevented.

Tribunal indemnity insurance takes various forms which range from insurance against all legal and compensation costs arising from a tribunal claim, to just simply covering legal costs or nothing at all because you didn’t follow their rules.

As with any insurance policy, the first step is to think about the risk you are insuring against. It’s an easy decision for an electrical firm with a warehouse near a river to insure against flood damage. If there’s a flood, all of the stock could be wiped out and the business could go bust. The risk is high, and so is the potential cost of the insured event.

For business owners, it’s not so easy to quantify the risk and potential costs of a tribunal claim, so they go for peace of mind, and take the insurance. The reality is that there are many steps in the journey to an employment tribunal, and an employer who has sensible HR policies and procedures in place, and follows them, is at a very low risk of losing an employment tribunal claim. Even if the employer loses the claim and has to make a compensation payment, the costs are often nowhere near as high as expected.

The claim with the highest sum awarded was in a sex discrimination claim. These are technically uncapped, and can also include awards for injury to feelings.  But the median award in 2016/17 for Sex Discrimination claims was £8,381and for Disability Discrimination it was £10,235. Although there will always be media stories about huge successful claims, they are rare, and the median award is a more realistic indicator of your potential financial risk. The median compensation payment for Unfair Dismissal claims in the same period was £ 7,521.

Three things you should know about Tribunal Indemnity Insurance

No 1 – You may not even need it

The electrical services company will not sit and watch the river rising or not worry about their stock, just because they have insurance. They will use sandbags, move the stock to higher shelves, and stand by with buckets to bale out the water as it flows in. Nobody wants to have to deal with the aftermath of a flood. It’s better to prevent the damage in the first place. If business owners took the same approach to people issues, and took notice and practical action early on, there would be little risk of a tribunal claim, and therefore little need for an insurance policy.

There are HR experts, like us, who can explain all the rules, and help managers to take each step carefully, ensuring that employees are treated fairly and that the needs of the business are also met. This is equivalent to using sandbags.

If managers are not capable of handling an issue with performance, or there is a persistent problem, such as bullying and harassment, then HR experts, can provide training, coaching and even hand holding to support them. This is effectively like moving the stock to higher shelves. But the effect is longer lasting as they are learning how to manage such situations and won’t be fearful of them.

If matters are so serious that the employee is likely to be able to make a claim at an employment tribunal, there are HR experts like Amelore, who can help the business to evaluate the risk of a successful claim, and mediate between the employer and employee.  If that doesn’t work/or it’s to late for that then they can negotiate the terms of a settlement agreement, making a financial payment to the employee to leave the business and waive all their rights to making a claim against you. This is not desirable, and does cost money, but still salvages the situation, a bit like baling water with a bucket. However often this will be much less than you think.

No 2 – Not all of your costs will be covered

If the tribunal claim goes ahead, there will be legal costs, but much more significantly, there will be huge management time lost in the preparation and aftermath of a tribunal – these costs will not be covered by the insurance. The impact on employee motivation, and even on management morale, which ultimately hits the bottom line of the business, doesn’t have a price, and therefore isn’t covered by the insurance.

Using a pragmatic, knowledgeable HR professional to avoid the problem will always be cheaper than paying a lawyer to fix it.

No 3 – Insurance companies don’t like paying out

The real nub of the issue is this – there are so many ‘get out’ clauses in the tribunal indemnity insurance, that an employer runs a real risk of thinking they are covered, only to find that the insurance company then gives lots of reasons why they won’t pay out.

If the insurance is offered as part of an HR service, there will be a big caveat stating that if the employer doesn’t consult the service provider and follow the employment law advice to the letter, the insurance will be invalidated.

This also means that the HR service provider is likely to sit on the fence, or tell their client what the law is, without committing to a recommendation, for fear of invalidating the insurance. So the whole process will go on and on whereas most SME’s need a quick resolution so they can focus on their business.

Some providers may even boast that they help their clients to make sure their paperwork is correct, so that if a claim goes to tribunal, they will have a ‘bundle’ already prepared, saving lots of time. It doesn’t save lots of time for the business owner or manager trying to do their day job and providing them with that paperwork.

In our experience the vast majority of employees are reasonable people, who in turn want to be treated reasonably by their employer. The vast majority of managers and business owners want to have happy, engaged employees.

Surely everyone’s time and effort would be better spent building good relationships, ironing out misunderstandings, and dealing in a reasonable way with problems, than filling in forms, following scripts and ticking boxes to make sure that the tribunal insurance is not invalidated?

Summary

So in summary our advice is if you are looking at HR outsourcing providers don’t base your decision on fear.  Fear of something you don’t fully understand. If anyone is selling you their services and using fear as their main incentive ask yourself why?

A good HR outsourcing provider will audit your business and then make clear practical proportionate recommendations to ensure you are legally compliant and have good HR practices embedded. This may involve training your managers. This significantly reduces the risk of a successful claim against your business.

Also take care that the outsourced HR provider you select doesn’t tie you into a long notice period as that will tell you something important about them. Long notice periods are designed to cover poor service. Most SME’s don’t have the time or the energy to battle their way out of a contract they have signed in a rush without understanding the potentially negative consequences.

If you do have an employee dispute and are supported by an outsourced HR provider that doesn’t offer Tribunal Indemnity Insurance, this will be dealt with swiftly and you will benefit from pragmatic commercial advice about your options and any risks.

At Amelore we don’t offer Tribunal Indemnity Insurance. We work with businesses and individuals and firm but fair. We have also never been successfully taken to an Employment Tribunal.  We are not complacent about that fact but we are extremely proud of it.

GDPR and HR practices – IN A NUTSHELL

The acronym GDPR has been on the lips of many business owners in recent months and with the wide variety of effects on different organisational functions to consider, one may be forgiven for believing it should stand for Good Day to Panic & Run!

But, there’s no need to worry as long as you take steps to put manageable adjustments in place that will ensure your business is compliant with the General Data Protection Regulation by 25th May 2018.

This blog has been put together to specifically help you understand what GDPR means for the HR practices in your business, with the aim of helping ensure you’re anxiety free and ready to go when the deadline arrives.

Why will GDPR affect HR practices?

With increasingly globalised networks and a shift to online communications, GDPR has been put in place to protect the personal data of EU citizens and will apply even though the UK will be leaving the EU, due to the fact that at the time of GDPR coming in to force we will still be part of the EU and are therefore bound by the requirements.

It’s the biggest change to hit how data is regulated in 20 years during which time much has changed.  As a data protection regulation, the changes will mean that all organisations will need to review how they handle the data of employees as well as job candidates, ensuring processes are put into place to guarantee compliance.   If businesses fail to comply and are found to be in breach of the regulations, they could end up penalised as a result.

Privacy Notices

A privacy notice is used to inform people how their personal data will be used by an organisation in as transparent and accessible way as possible. In preparation for GDPR, privacy notices must now clearly outline the intended use of data, including detail such as how long the data will be stored, and whether this data is shared with other countries within and outside of the EU. Individuals should also be clearly directed to the organizational process for making a subject access request to view information about them held by the organisation if they wish to do so.

What should you do? Job applicants and interview candidates should be directed to a privacy notice when sending personal information as part of the recruitment process. Privacy notices should also be shared with new and existing employees with regards to their personal employment records.

Protecting the data of your staff

In addition to GDPR rules, it should be considered ethical that companies take full responsibility and ownership when it comes to protecting employee data, how it is kept and ensuring it is not shared. Personal data you may hold about employees and job candidates would more than likely include sensitive information such as home address, date of birth, contact details, and after recruitment, national insurance numbers and bank account details.

What should you do?  First and foremost you should review your organisational processes for obtaining, handling and storing CV’s, job applications and employee information. There are many ways you can protect this data including the implementation of encrypted passwords on secure servers and deleting securely any data relating of unsuccessful candidates after a given period of time. If you use outsourced services like payroll or candidate verification, check their compliance with GDPR too. You may also want to consider outsourcing a cyber security procedure and taking out cyber insurance. If you don’t use an HR database yet, this may be worth implementing along with reviewing the need for hard copy HR files.

New breach notification requirement

If there is a breach of data protection, GDPR provides clear guidelines on the action that must be taken after receiving a breach notification. Businesses must inform the Data Protection Agency within 72 hours of a breach, or provide justification in the event of a delay. Businesses must also notify individuals affected by a data breach promptly and directly, particularly if the breach presents a high risk to the data subject’s rights and freedoms.

What should you do? If a breach originates from HR related activity, whoever is responsible in your organisation for HR must liaise with legal or compliance teams immediately. The same person with the organizational HR lead is also likely to play a key role in the management of data breaches affecting employee data that require data subject notification. Businesses must also take action to review internal HR and business policies and procedures.

Right to request, review and be removed

If you currently take a ‘one size fits all’ approach with regard to obtaining consent to hold staff data and to communicate to previous candidates or job applicants, you will probably need to think again.  Moving forward “specific, informed and unambiguous” consent must be obtained. Current methods of gaining consent (often via a contract of employment) must be reviewed to eliminate any uncertainty about what data is being collected, its purpose, the length of time consent will remain valid, and the process for withdrawing consent at any time. Individuals will also be able to request at any time, to know what data you hold about them, where it is kept, and how it is used.

What should you do?  You must respond to requests and act upon them, so you may want to put in place a procedure that is shared with your senior management team on what to do in the event they get approached by an individual for this information. The likelihood is also, that all current staff members will need new contracts containing updated consent requests.

Consequences for staff of non GDPR compliance

It’s really important that all your staff are aware of this significant change to how data is managed and protected as it will impact on many aspects of your business.  In particular they need to understand that data can’t be shared without explicit consent (no matter how good the intention for doing so is) and that there may be serious personal consequences of something like a data breach if it was due to poor data security practices.

What you should do? Identify who needs to be trained, what they need to know and who will do this. Check existing policies to see if they need updating to reflect GDPR. Eg Disciplinary policy to capture Serious data security and/or data breach as gross misconduct.  Review all internal communications and current data storage systems. Don’t forget email which can harbor all sorts of highly confidential personal data.

Data Protection Officers 

Businesses that handle special categories of data or data relating to criminal convictions and offences (sometimes included on recruitment applications) must have a designated Data Protection Officer (DPO). A DPO is someone who takes on additional responsibilities for implementing processes and monitoring compliance with GDPR and advising individuals and teams on GDPR compliant approaches to data management.

What should you do? It may be worth considering appointing a nominated ‘senior’ member of staff either from within your organisation, or someone external to the company, to act as a DPO for your organisation.

 IF YOU WANT ANY HELP OR ADVICE please get in touch with us at Amelore by calling 01453 548070 or emailing ruthcornish@amelore.com.

GDPR – Managing HR & Payroll records

As preparations for GDPR continue, All employers must be aware of which employee data is covered by the Data Protection Act and have a specific policy on the retention times for particular types of employee data.

As a general rule, information should only be retained as long as there is a clear business need for it and it should be securely destroyed (e.g. by shredding) after that period has passed.

Minimum retention times for employee data are as follows:

  1. Salary Records and Deductions

Records to be retained: Employers must collect and keep records of what they pay their employees and the deductions made, including a record of employee leave and sickness absence (see below).

Retention period: Three years after the end of the tax year to which the records relate. If full records are not kept, HM Revenue and Customs (HMRC) may estimate what the employer has to pay and charge a penalty of up to £3,000.

  1. Incapacity for Work

Records to be retained: Employers should keep Statutory Sick Pay (SSP) records (calculations, certificates, self-certificates: all sickness periods lasting at least four days; statutory sick pay (SSP) payments; and weeks for which SSP was not paid and why.

Retention period: Three years after the end of the tax year in which the sickness periods occurred and SSP payments were made.

  1. Working Time

Records to be retained: Records that are adequate to show that the requirements of the Working Time Regulations are being/have been met e.g. the limits on weekly working time, daily and weekly working time for young workers, and night work.

Retention period: Two years from the date on which the records were made.

  1. National Minimum Wage

Records to be retained: Records that are adequate to establish that every worker is being, or has been, paid at a rate at least equal to the National Minimum Wage.

Retention period: Three years from the day the pay reference period immediately following that to which the records relate ends.

  1. Absence during Pregnancy and Statutory Maternity Pay (SMP)

Records to be retained:

  • the date of an employee’s first day of absence from work, wholly or partly because of pregnancy or childbirth and, if different, the date of the first day when such absence commenced;
  • the weeks in that tax year in which Statutory Maternity Pay (SMP) was paid to that employee and the amount paid in each week;
  • any week in that tax year within the employee’s maternity pay period for which no payment of SMP was made (and the reasons why); and
  • any medical certificate or other evidence relating to the employee’s expected week of childbirth.

Retention period: Three years after the end of the tax year in which the employee’s maternity pay period ended.

  1. Statutory Paternity Pay, Statutory Shared Parental Pay and Statutory Adoption Pay

Records to be retained:

  • the date the paternity pay period, shared parental pay period or adoption pay period began;
  • the evidence provided by the employee in support of his or her entitlement to statutory paternity pay (SPP), statutory shared parental pay (ShPP) or statutory adoption pay (SAP);
  • the weeks in that tax year in which payments of SPP, ShPP or SAP were made and the amount paid in each week; and
  • any week in that tax year which was within the employee’s paternity pay period, shared parental pay period or adoption pay period but for which no payment was made (and the reasons why).

Retention period: Three years after the end of the tax year in which payments of SPP, ShPP or SAP were made.

  1. Employee HR files

Records to be retained:  HR files, including employee contracts.

Retention period: Six years after the employment terminates. This takes into account that there is the possibility that any documents relating to an employee could be relevant to a Tribunal, County Court or High Court claim, for up to six years after termination of employment. The Information Commissioner considers this as acceptable on the basis that an employer is keeping information to protect against legal risk.

  1. Job Applications

Records to be retained: CVs/application forms and interview records of unsuccessful candidates.

Retention period: Six months after notifying unsuccessful candidates of the outcome of their application. This takes into account the fact that a job applicant can bring a claim for discrimination in an Employment Tribunal within three months from the date of the rejection for the role, but also that this time limit can be extended where a Tribunal feels it is just and equitable to do so.

  1. Accident Records

Records to be retained: Records of accidents in the workplace.

Retention period: At least three years from the date on which the accident record was made.

Accident records are considered sensitive data and so employers must ensure that the personal information involved is not seen by other members of staff.

How should payments in lieu of notice be taxed from April 2018?

From 6 April 2018 all payments in lieu of notice will be taxable, whether contractual or non-contractual. Income tax and class 1 national insurance contributions will be due on the amount of basic pay that an employee would have received if they had worked their notice in full.

What are the current tax rules on payments in lieu of notice?

Currently, if you have a contractual right to make a payment in lieu of notice (‘PILON’), that payment is subject to income tax and national insurance contributions (‘NICs’).

If you don’t have a contractual right to make a PILON (because there is neither an express term in the employment contract nor an established custom and practice of making a PILON), any payment made in respect of an employee’s notice entitlement is generally regarded as ‘damages for breach of contract’ and the first £30,000 can be paid tax-free and without deduction of NICs.

What tax rules will apply to payments in lieu of notice from April 2018?

From 6 April 2018, all payments in lieu of notice will be taxable. The principle is relatively straightforward but there is a complex statutory formula for calculating the sum that should be taxed, known as ‘post-employment notice pay’ (‘PENP’). PENP is, broadly, the salary the employee would have received during any unworked period of notice minus any contractual PILON. It is calculated by reference to:

  • Basic pay only (before any salary sacrifice), disregarding bonus, overtime, commission, benefits in kind etc.; and
  • How much statutory or contractual notice (whichever is longer) the employer is required to give to terminate the contract.

PENP is subject to income tax and NICs in full. The balance of the termination payment is eligible for the £30,000 tax exemption and full NICs exemption (provided it is an ex gratia payment).

Statutory redundancy payments are exempt from PENP calculations and qualify for the £30,000 tax exemption, provided they are genuinely paid on account of redundancy.

The new rules will apply only where employment terminates on or after 6 April 2018.

There may be significant tax implications for non-contractual PILONs made from April 2018. For example:

  • An employee’s employment is terminated without notice on 30 April 2018. The employee is paid £5,000 monthly (basic pay); has a 3 month notice period; and there is no contractual PILON. They receive £35,000 compensation on termination. This an ex gratia damages payment, not linked to any contractual terms such as bonus entitlement.
  • Under the current rules, the whole compensation payment qualifies for the £30,000 exemption. Income tax is due on the balance of £5,000.
  • Under the new rules, income tax and NICs (both employer and employee) are due on the PENP of £15,000. The balance of £20,000 qualifies for the £30,000 exemption.

And from April 2019?

Currently if a termination payment qualifies for the £30,000 exemption, tax is due on any excess over £30,000 but no NICs are payable. From April 2019, employer NICs will also be due on the balance over £30,000. With employer NICs currently at 13.8% this will significantly increase the cost of some termination payments.

In practice

All employers should be aware of the new rules and think about how they might impact on any termination negotiations. It seems that PENP will need to be calculated for each employee whose employment is terminating including those with contractual PILON clauses (although we are still waiting for guidance from HMRC).

Where there is currently no contractual PILON clause:

  • Making a PILON where the termination date is 6 April or later will potentially result in significantly increased costs for both employer and employee.
  • Consider whether to exit any employees prior to April 2018 to take advantage of the more favourable tax position.
  • Think about including PILONs in contracts going forward. Having a PILON clause allows a payment in lieu of notice to be made without being in breach of contract, thereby preserving any post-termination restrictions. There will no longer be any tax benefit in not including one.

Please get in touch with us if you would like to discuss the impact of the new tax rules on your termination arrangements.

More about Protected Conversations

An employment relationship can sometimes run its course necessitating a frank conversation with an employee. It may be in the best interests of both parties to bring the employment to an end by way of a settlement agreement.

Often, the best way to start that process is by having a protected conversation.

What is a protected conversation?

The law allows an employer and an employee to have an ‘off-the-record’ conversation in certain circumstances.

If you or your employee are proposing to end your employment on agreed terms, the conversation can be kept confidential. This means that what you say can’t be used as evidence in an unfair dismissal claim. Although there are some exceptions, generally the conversation is protected.

What are the exceptions?

Protected conversations cannot be held in situations where dismissals are automatically unfair, such as those involving health and safety matters or where the protection of the Public Interest Disclosure Act is invoked. Neither is protection afforded to breach of contract or discrimination claims. This can be a problem. An employer may not know what issues are going to be raised by an employee during a protected conversation so always take advice from an HR professional and research as much of the history about the employee beforehand as you can. Recognise that in some situations having a protected conversation many not be the best route to take.

What should you do if you want to have a protected conversation with an employee?

If you’re planning to have a protected conversation with your employee, make sure you prepare in advance. You need as much information as possible. You may find it helpful to ask/research questions like:

  • Why are you proposing to terminate the employment?
  • Has the employee got a history of anything that might be relevant – grievances, disputes, sickness absence etc
  • How much are you offering and how has that been calculated? (Any notice pay would be taxable)
  • Will you expect your employee to work their notice period?
  • Will you be offering a reference?
  • What is the alternative if you don’t agree to a settlement agreement? I.e. manage their performance under an internal procedure which may result in termination for poor performance and notice pay only OR investigate an alternative role in the company?

Your employee is not under any obligation to accept any proposed settlement agreement. In fact, the law doesn’t allow anyone to accept it until they have taken independent legal advice on it (paid for by the employer usually capped at £350 plus VAT)

Ask your employee to confirm (once they have thought about it) whether they would like you to confirm the proposal in writing. This could be a draft settlement agreement or simply a letter or email. This will help you to clarify what is being offered but always ensure that any subsequent correspondence has ‘without prejudice’ in the title or heading.

Can an employee initiate a protected conversation?

Although a protected conversation is usually initiated by the employer, an employee can also request one, provided that it is with a view to agreeing a settlement agreement.

If your employee states that they’re willing to have an off the record conversation, you can go ahead with a protected conversation if you are minded to agree a settlement with them to leave. Let them know that the details of the conversation should be kept confidential because it’s with a view to reaching a settlement agreement.  Make written notes of the conversation you have had.

At the meeting, you could propose a settlement agreement yourself or you could ask your employee to make a suggestion for you to consider.

Although the most important aspect of a settlement agreement is usually the financial amount, you should consider non-monetary aspects such as:

  • a detailed reference
  • career coach support (professional help with finding another job)
  • release from anything in your employment contract that restricts you after the end of your employment
  • paying for a training course

What happens next?

You should give a reasonable period of time for your employee to consider any proposed settlement agreement. ACAS recommends 10 days, although employers rarely give this long in practice.

GDPR (what you need to know) part 3

This article forms part of our GDPR series in which Amelore employment experts offer practical advice, ahead of the coming-into-force of the GPDR in May 2018.

The General Data Protection Regulation (the Regulation) represents the most significant shift in European data protection legislation since the Data Protection Directive (enacted in the UK through the Data Protection Act) of the late 1990’s. The Regulation presents a very significant challenge to all data-driven units of modern business, not least human resources (HR).

In this article, we explore the legal and practical challenges the Regulation’s requirements pose to HR.

Scope

The GDPR expands the scope of European data protection legislation in both subject matter and territorial application. For the first time data processors (parties who process personal information on behalf of a data controller) will find themselves required to meet direct regulatory obligations. In addition, the Regulation’s intended jurisdiction is no longer restricted to EU-based organisations. The Regulation brings in scope any organisation selling to or monitoring the behaviour of EU citizens. Like much European law, the extent to which the Regulation will see successful enforcement outside of the EU is a developing area.

From a HR perspective, these provisions raise significant considerations for global employers, and providers of virtual HR and HRIS products. For a multinational employer, detailed understanding of global data flows will become an increasingly key. This is especially critical where a centralised storage and database solution manages global (both EU and non-EU group company) HR data. Non-EU group companies, using a shared resource, may find themselves directly affected by the GDPR.

For outsourced HR and recruitment, and HR software providers, the Regulation is set to present a new legal burden. At present, suppliers have, as data processors, enjoyed liability limited only to contractual arrangements with data controllers. Under the Regulation such processors will be required to comply directly with GDPR and by extension, face direct liability (and the same fine thresholds as data controllers under certain circumstances).

Fines

Regulatory fines under the GDPR are set to increase well beyond the ICO’s current enforcement ceiling of £500,000, representing a fundamental shift in risk profile for UK organisations.

That said, the Regulation grants Data Protection Authorities significant discretion as to whether and the extent to which fines will be imposed on an organisation, in the event of a breach.

In addition, the fine parameters are set against a two tier system to account for the comparative seriousness of different breaches.

From a HR perspective, it is critical for organisations to consider whether existing policies and procedures lack GDPR compliance, especially where time limits may be a factor, e.g. in relation to breach notification (see below).

Privacy Notices

The Regulation mandates a host of required information, which a data controller must provide to an individual data subject at the point at which personal data is collected. Non-exhaustively, these include details of:

  • the legal basis upon which personal data will be processed;
  • how long personal data will be retained;
  • if, and the extent to which, personal data will be transferred overseas, and, in the event that personal data will be transferred outside of the EEA, the appropriate safeguards in place to protect that data; and
  • the mechanism by which an individual would make use of their data subject rights, including:
    • how to make a subject access request; and
    • how to request the deletion or rectification of personal data.

These mandatory requirements present employer challenges both in relation to the employee/employer relationship and in the context of job applicant data.

Employers must consider whether existing employee and applicant notices meet GDPR requirements and consider how clarity and accessibility of notices can be ensured.

Employee Rights

The Regulation significantly enhances the rights of data subjects, which will in turn present greater compliance obligations for employers.

Areas which face significant change include:

  • the information to be provided to data subjects, in response to a subject access request – we will address this is in detail later in the series.
  • the Regulation mandates a more detailed set of information be provided to a data subject, particularly in relation to the purpose and means by which personal data is processed.
  • data rectification rights(in circumstances in which data held about a data subject is inaccurate or incomplete) – in some respects rectification rights remain unchanged under the Regulation. However, data controllers will now face a mandatory obligation to notify other third parties in the event that data is amended in response to a data subject request. Employers should be prepared to notify any third parties to which employee data has been transferred and consider how they might implement procedures to action this obligation in practice; and
  • the right to be forgotten– this new right presents a potentially significant practical challenge for employers, particularly where employee personal data is backed-up in somewhat inaccessible or complex systems. Much like rectification rights, a data subject’s right to have their personal data deleted on request should prompt all employers to consider how this would be practically achieved.

Breach Notification

The Regulation introduces dramatically enhanced requirements in relation to breach notification.

In summary a data controller:

  • must notify the relevant DPA within 72 hours of becoming aware of a breach, unless it can provide justification for a delay; and
  • is required to notify data subjects affected by a breach directly, without undue delay, if the breach is likely to present a high risk to the individual’s rights and freedoms.
  • This is tempered by exceptions, such as where the personal data is encrypted. Under these limited circumstances, controllers may be spared the obligation to notify data subject directly.

For HR, this presents a two-fold challenge. Should a breach originate within HR itself, effective co-ordination between HR and an organisation’s legal and/or compliance teams is likely to prove critical (especially when considering the tight timeframe for response). In addition, should the breach affect employee data and require data subject notification, HR is likely to play a key management role. Ensuring compliance will likely require a complete review of internal policies and procedures, with a particular focus on efficient internal communications. Data processors are also required to report breaches to data controllers.

Employee Consent

A change HR is likely to feel very directly is in relation to the use of consent as grounds for processing employee personal data. Non–specific consents to processing are unlikely to be considered valid under the GDPR.

Practical steps to compliance

The following are likely to prove critical risk management steps:

  • comprehensive gap analysis and business wide data protection audits;
  • a full review of internal and external policies, procedures, templates and information notices;
  • consideration of consent alternatives; and
  • consideration of (potentially mandatory) data protection officer appointment, and instruction of external legal/ compliance support.

Our next article will look at how to conduct a gap analysis and a wider data protection audit.

Looking forwards

The GDPR clearly represents a significant compliance hurdle. Employer’s must therefore maintain an awareness of developments at a national level, especially in relation to equality, recruitment and health and safety provisions.

Employers should however take some comfort that some element of harmonisation between EU data protection law and the UK’s eventual domestic position will be desirable. Compliance with the GDPR’s requirements, will likely be the most efficient way for organisations to futureproof.

Disclaimer

This document is for informational purposes only and does not constitute specific advice. It is recommended that specific professional advice is sought in relation to your situation and organisation before acting on any of the information given.

GDPR – Employee record keeping and beyond

In a series of blogs, Amelore begin to look at GDPR from a HR perspective to ensure employers are ready for the new requirements in respect of their employee data and beyond. This will form part of a continuous focus on this hot topic until May 2018 when GDPR goes live. We appreciate many companies may not yet of begun their GDPR journeys, so we will be offering advice and guidance in short blogs.  We will also help to signpost employers to useful information which extends beyond the processing of employee data.

GDPR is itself an extension of existing UK data protection laws. This new legislation builds on the Data Protection Act (DPA) which employers already need to adhere to. DPA principles cover areas such as ensuring employers keep accurate, secure information.

The ICO (Information Commission’s Office) are at the forefront of helping organisations understand this evolution of our data protection laws. They recently published GDPR Myths. This series of blogs helps to demystify the new regulations.

Data breach – what an employer needs to do?

In ICO’s latest blog they provide valuable advice and guidance on how employers need to respond if a data breach occurs. They report that some employers have expressed concern that any data breach needs to be reported and that huge fines will ensue. The ICO say this is not the case and that only breaches that are likely to risk people’s rights and freedoms will need to be reported.

The ICO also point out that fines will be proportionate and that companies who are open, honest and report without undue delay can avoid fines. It is expected that by now, larger organisations will already have appointed a Data Protection Officer (DPO). However, smaller organisations are also advised to consider who in their organisation is responsible for data. We would advise all organisations, no matter how small, to know who is responsible for data (again not just employee data) and who is responsible for reporting a breach should it occur. This starts to form a robust approach to data governance.

Employee data processing

Employee data processing will be a key focus for many organisations, however some employers may be worried about any potential changes to how they currently store their data.

All organisations will be storing employee records in some way, shape or form; so you are now advised to review these filing systems, including the security of the data you are processing in respect of employing people, to ensure robustness. We have already observed some organisations writing to their third-party data processers asking for evidence of their compliance.

Handlers of this data need to make sure they are processing data fairly and for legitimate purposes. Furthermore, if they are transferring it outside of the EEA there are specific safeguards in place.

For those employers wondering if the UK’s exit from the EU will affect GDPR the government has already confirmed it will not. However, please note that International companies operating across EU states will need to work out who their lead data protection supervisory board is.

Further still, forming a data protection working party or project team to audit what data is being processed is also advisable. Many companies are already helping organisations with data mapping and auditing. Amelore work closely with Mazars to provide a range of services for our clients.

In summary, the good news is that common sense does prevail and that the processing of data where it is necessary for the performance of a contract will be a valid reason for processing. If you have any queries or questions in relation to any of the points made please contact Amelore for further advice and guidance.

We will continue to focus on this topic as we approach next year tackling other aspects of the GDPR (link to first blog) in further detail; such as consent, the right to be forgotten, and subject access requests.

 

GDPR countdown – are you ready?

The new  General Data Protection Regulations (GDPR) come into place in May 2018, you need to start preparing now as time is fast running out.

Changes to the governance of data will have far-reaching consequences for businesses, GDPR will determine how your business does business, and particularly how it manages, protects and administers data in the future.

Europe has a plethora of different data protection regimes in each EU country. Organisations have to deal with many different sets of rules depending on where they setup their business and sell their products or services. The GDPR will harmonise data protection laws across the EU and will also apply to organisations across the world. Any company that processes personal data about EU citizens whether they reside in the EU or elsewhere in the world will need to abide by the GDPR.

European companies are still wrestling with how they are going to be compliant with the law in less than a year. Companies from other parts of the world may not have even heard of the GDPR, and therefore might not be aware of the possible impact upon them. As citizens from EU countries do business and exchange data with companies across the globe, the GDPR is something that international companies outside the EU need to be aware of and should be planning for. Failing to do this could seriously hinder their ability to market and sell their products and services in the EU.

Who needs to be GDPR compliant?

It is imperative that organisations that offer goods and services to EU citizens, and that subsequently process their personal data, are compliant with the GDPR. 

A global study by Veritas showed that businesses are worried that they will not be compliant by the May 2018 deadline. Research showed that 56 per cent of respondents in Singapore, 37 per cent in the US and more than 60 per cent in Japan and South Korea, are worried they will be unable to meet the May 2018 deadline for compliance.

More than 90 per cent of organisations in Singapore showed concern by the potential business disruption from GDPR. Around 20 per cent fear that their company may go out of business as a result.

These are alarming figures for foreign companies that do business in the EU.

The GDPR represents a shift across the world towards a culture of safeguarding personal data, especially considering the global reach of the legislation.

What you should already be considering

As the clock is ticking companies should be working towards compliance in a structured manner including:

  • rolling out GDPR awareness programmes across the business;
  • ensuring representation and input from all key business functions;
  • data mapping all personal data flows in and out of the organisation;
  • creating an information asset register; and
  • undertaking a gap analysis against the GDPR compliance requirements, including consent notices, privacy impact assessments and contractual arrangements with 3rd parties with whom personal data is shared.

These will form part of the building blocks to determining how much further work is required for the business to be compliant by Spring 2018. Many businesses will require significant changes to policies, procedures and working practices. Smaller businesses which collect process and store limited personal data may be less affected but may still need to make some changes to comply with the new legislation.

Clearly organisations that started to work towards GDPR compliance early on are ahead of the game and have a better appreciation of the level of effort that’s required to make some of the changes required to comply.